As a new year unfolds and people return to work, attention is focusing on the potential IT security threats that may emerge in coming months.
With memories of high-profile cyberattacks that occurred during 2022 still very fresh, businesses are keen to ensure they do not become the next victim. Senior managers understand that, to have effective preventative measures in place, they need to understand the security landscape.
During the coming 12 months, the key IT security trends that will emerge include:
- Insurance companies will focus on at-risk vertical sectors:
Cyber insurance has become increasingly popular in recent years as businesses strive to protect themselves from the fallout of a security incident. At the same time, insurance companies have been requiring firms to have in place strict security measures aimed at preventing attacks.
During 2023, insurance companies are likely to require even stricter measures for businesses operating in vertical sectors that are deemed to be attractive for cybercriminals. The sectors most likely to be affected include healthcare, critical infrastructure, finance, and managed service providers (MSPs). These are the sectors that have gained the most attention from attackers in the past, and this is likely to continue.
- Cybersecurity will be a key factor when selecting vendors and partners:
In 2022 there were numerous security incidents involving attacks against supply chains. These showed that, even if an organisation has its own house in order, it can still fall victim to an attack because of a failure in the digital supply chain of an external vendor or partner.
In light of such attacks, businesses will need to pay more attention to the security strategies of the partners and vendors with which they do business. Increasing numbers will also make a vendor’s own internal security practices a key part of their product selection decisions.
- The metaverse will become a new cyberattack vector:
As companies such as Meta and ByteDance invest millions of dollars to build new virtual and augmented worlds, attention is turning to how such technologies can be used by businesses. Proponents believe metaverse-like platforms will provide a new way for business people to connect and communicate with colleagues, clients, and partners.
However, while these platforms may deliver benefits, they are also likely to provide new opportunities for cybercriminals to mount attacks. Personal and company details shared via these platforms could be harvested and used to gain access to sensitive resources. Alternatively, they could be used to create virtual deepfakes of real people which can then be used to impersonate them online.
Towards the end of 2022, Meta unveiled its Quest Pro VR/MR headset and positioned it as a productivity tool. Among other things, the Quest Pro allows staff to create a remote connection to their traditional computer desktop, allowing them to see their computer’s screen in a virtual environment.
This is achieved by leveraging existing remote desktop technologies such as Microsoft’s Remote Desktop, or Virtual Network Computing (VNC). However, these technologies have already been targeted and exploited by cybercriminals.
For this reason, it’s likely the first big metaverse hack that affects a business will result from a vulnerability in existing software. Security teams should be on alert.
- MFA attacks will significantly increase in number:
During 2023, cybercriminals will aggressively target multi-factor authentication (MFA) users as more businesses demand its use when accessing digital resources.
Expect a range of new MFA vulnerabilities and bypass techniques to emerge during the year. It’s also likely that cybercriminals will continue to use social engineering techniques to fool users into divulging security details. An attacker doesn’t have to hack an MFA platform if they can trick a user into clicking on a malicious link.
- A ‘robotaxi’ hack will succeed:
A number of technology companies, such as Baidu and Waymo, have started testing so-called ‘robotaxis’ in many cities around the world. These machines are essentially self-driving cars that provide an Uber or Lyft-like experience but without the need for a human driver. Companies like Baidu claim they have already successfully completed more than a million of these autonomous trips.
It is likely that, during 2023, there will be the first cyberattacks against these new means of transport. While this may not result in a dangerous incident, it could cause delays for users and reduce their level of trust.
- AI-powered coding tools will introduce vulnerabilities into new applications:
The development of AI and machine-learning tools is changing the way developers write software, allowing them to draw on repositories of existing code to create new outputs.
However, if there are security vulnerabilities in the existing code, these could unwittingly be included in finished products. It is likely that, in 2023, there will be incidents where applications are released that include a critical vulnerability introduced by automatically generated code.
The next 12 months will bring businesses many new opportunities for growth, but also ever more complex security challenges. By understanding these key trends, security teams will be much better placed to fend off any attacks that might occur.